Aggregator

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. It has been declared as critical. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. This vulnerability is referenced as CVE-2026-6025. It is possible to launch the attack remotely. Furthermore, an exploit is available.

1.      Qilin勒索团伙公布了新的受害者 2.      Payload勒索团伙公布新的受害公司 3.      Akira勒索团伙公布新的受害公司

OpenSSL Projectより、OpenSSL Security Advisory [13th March 2026]が公開されました。

OpenSSL Projectより、OpenSSL Security Advisory [16th October 2024]（"Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143)"）が公開されました。

A vulnerability, which was classified as critical, was found in IBM Langflow Desktop up to 1.8.2. The affected element is an unknown function of the component Langflow. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2026-3357. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in IBM Verify Identity Access Container, Security Verify Access Container, Verify Identity Access and Security Verify Access. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in execution with unnecessary privileges. This vulnerability is identified as CVE-2026-1346. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in IBM Tivoli Netcool Impact up to 7.1.0.37. This vulnerability affects unknown code. The manipulation results in sensitive information in log files. This vulnerability is cataloged as CVE-2026-4788. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in IBM Verify Identity Access Container, Security Verify Access Container, Verify Identity Access and Security Verify Access. It has been classified as critical. This impacts an unknown function. This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2026-1343. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in Gravity Forms Plugin up to 2.9.30 on WordPress. The impacted element is the function GFCommon::send_json of the component Content-Type Handler. Executing a manipulation of the argument form_ids can lead to cross site scripting. This vulnerability appears as CVE-2026-4406. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in wpchill Download Monitor Plugin up to 5.1.10 on WordPress and classified as problematic. The impacted element is the function actions_handler of the file class-dlm-downloads-path.php. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2026-4401. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

日本政府内阁会议敲定了《基因组编辑胚胎规制法案》，内容为附带罚则禁止用基因组编辑技术改变人类受精卵的基因并以生育为目的向人类、动物子宫进行移植的研究及治疗。此举旨在管制基因编辑婴儿的出生。对受精卵的基因组编辑有望对遗传性疾病起到预防作用，但另一方面也存在产生超出预期的影响等技术层面的极限和风险。试图得到按照意愿设定身高等特征和容貌、运动能力的“设计款婴儿”的做法也引人担忧。目前根据国家的指针，将经过基因组编辑的受精卵放回人体子宫的做法受到部分禁止，但即便违反也没有相应的处罚规定。此次法案把用经过基因组编辑的精子和卵子制成的受精卵也列为对象。若向人类、动物的子宫进行移植，则处以 10 年以下监禁或 1000 万日元以下罚金，或者两项并罚。

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro 

Новый выпуск клиента исправляет старую проблему MTProto и делает блокировку соединения менее предсказуемой.

速修复

行业需要想清楚如何为‘修复’提供资金，而不仅仅是为‘发现’买单。

近日，《纽约时报》记者Mike Isaac和Erin Griffith发文揭示了AI编程工具普及后的另一面：代码过载。一家金融服务公司引入AI编程工具后，月产代码量从2.5万行跳升至25万行——增长1...

这家两个月达成千万美金 ARR 的团队，认为音乐才是 AI 视频的入口。

美国 CDC 公布的初步统计数据显示，2025 年美国女性生育的婴儿数量比 2007 年的峰值纪录减少约 71 万。 2007 年美国共有 4,316,233 名婴儿出生。2025 年尽管美国总人口数量更多，但新生儿数量仅为 3,606,400 人。为何生育率下降？部分专家认为是经济方面的因素导致的，另一部分专家则认为是文化影响，以及女性获得更好的教育和避孕途径。数据显示，年轻女性、青少年和二十多岁女性的生育率都出现了大幅下降，其中青少年怀孕率下降了 7%。

开源AI平台Flowise被曝存在远程代码执行漏洞，攻击者可通过未校验配置执行任意代码，目前已被野外利用。

由于系统对 HTTP 重定向处理不当，攻击者可直接访问 ShareFile 管理后台界面。